Vulnerability Details
- CVE: CVE-2022-42003
- Severity: HIGH (CVSS 7.5)
- Affected dependency: com.fasterxml.jackson.core:jackson-databind:2.13.1
Description
In FasterXML jackson-databind 2.13.1, there is a Denial of Service vulnerability via a large depth of nested objects when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This can be exploited via crafted JSON input to cause excessive resource consumption.
Remediation
Upgrade jackson-databind to >= 2.13.4.2 or upgrade the Spring Boot parent which manages this transitively.
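As an added defence-in-depth example (not part of this issue, not code from jackson-databind or Spring Boot), the guard below rejects JSON text whose nesting depth exceeds a limit before it reaches ObjectMapper, so that a crafted deeply nested payload cannot drive the deserializer's recursion while the upgrade is still rolling out; the class name, the MAX_DEPTH value and the sample inputs are constructed for the example.

```java
/** Pre-parse check: refuse JSON nested deeper than MAX_DEPTH (constructed example, Java 11+). */
public final class NestingDepthGuard {
    // Assumed limit; set it just above the deepest payload the application legitimately accepts.
    static final int MAX_DEPTH = 64;

    /** Maximum nesting depth of arrays/objects, ignoring brackets that appear inside strings. */
    static int maxDepth(String json) {
        int depth = 0, max = 0;
        boolean inString = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                if (c == '\\') {
                    i++;                      // skip the escaped character, including \"
                } else if (c == '"') {
                    inString = false;
                }
                continue;
            }
            switch (c) {
                case '"':
                    inString = true;
                    break;
                case '{':
                case '[':
                    if (++depth > max) max = depth;
                    break;
                case '}':
                case ']':
                    depth--;
                    break;
                default:
                    break;
            }
        }
        return max;
    }

    /** Call this before ObjectMapper.readValue; reject the request when it returns false. */
    static boolean accept(String json) {
        return maxDepth(json) <= MAX_DEPTH;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal document (depth 3; the bracket inside the string does not
        // count) and the nesting pattern the description refers to, 500 single-element arrays.
        String benign = "{\"user\":{\"roles\":[\"admin\",\"ops\"],\"note\":\"[not nesting]\"}}";
        String hostile = "[".repeat(500) + "1" + "]".repeat(500);
        System.out.println("benign depth " + maxDepth(benign) + ", accepted: " + accept(benign));
        System.out.println("hostile depth " + maxDepth(hostile) + ", accepted: " + accept(hostile));
    }
}
```

The upgrade remains the actual fix; this check only bounds the input while 2.13.1 is still deployed. Jackson 2.15 and later provide an equivalent built-in limit through StreamReadConstraints.maxNestingDepth.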
Created to demonstrate the SAST → Automation → Devin remediation pipeline